Out of curiosity, how did you verify that the emails were actually sent before storing the hash. What would prevent me from storing a hash on your server without sending the email?
We didn't (this story isn't exactly our use case), but think of how much easier this would be to arbitrate if Ceglia could prove that those emails existed on Feb 4, 2004 instead of this year.
Now it's possible he could have had the foresight to make and hash fake emails that he didn't send just in case, but you've still significantly raised the bar for fraud from just "finding" emails from 2004.
Now it's possible he could have had the foresight to make and hash fake emails that he didn't send just in case, but you've still significantly raised the bar for fraud from just "finding" emails from 2004.